Implantable medical devices (IMDs) apply continuous monitoring and automatic therapies for the treatment of chronic medical disorders. IMDs may be implemented partially or fully in patients' bodies, and are often sophisticated devices containing batteries, embedded CPUs, sensors, and actuators. In recent years, IMDs have been used to treat a broadening range of disorders, and thus their use is growing. An example of an IMD is an implantable cardioverter defibrillator (ICD), which can detect dangerously rapid heart rhythms and administer an electric shock to restore normal cardiac activity. Other IMDs include pacemakers, neurostimulators and implantable drug pumps.
IMDs generally contain radios for communication with external devices, or programmers. Programmers can reprogram IMDs and extract patient data from them. Such wireless communication permits safe, non-invasive access to IMDs. Wireless communication, however, brings security risks of embedded computing into the human body. For example, attackers can exploit design flaws in common IMDs to seize unauthorized control and potentially harm victims as well as expose privacy-sensitive data.
At the same time, IMDs must allow rapid, unimpeded access by medical personnel. A patient's life may depend on the ability of first responders to gain swift access to his or her IMDs. An access-control system that requires emergency medical technicians to reference a secure database, obtain a password from the patient, or access a patient's wallet or handbag poses a threat to timely medical intervention.
It is apparent from the foregoing that a strong tension exists between the requirements of IMD security and IMD accessibility. What is needed is an approach that achieves a suitable balance between these competing requirements. Conventional techniques fail to provide adequate solutions for authentication of external devices to IMDs. Techniques for providing a solution to the problem of emergency access to IMDs are discussed in U.S. patent application Ser. No. 12/251,036, entitled “Access Control for Implanted Medical Devices”, which is commonly assigned herewith and incorporated by reference herein. Although some progress has been made, further improvements are required to adequately address the above-noted problems of access to IMDS.